Notify auth providers on logout

Provide a hook by which auth providers can be notified of logouts.
2025-05-02 10:56:06 -04:00 · 2017-11-01 15:42:38 +00:00 · 2017-11-01 15:42:38 +00:00 · bc8a5c0330
commit bc8a5c0330
parent 846a94fbc9
3 changed files with 42 additions and 7 deletions
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@ -682,6 +682,7 @@ class AuthHandler(BaseHandler):
        yield self.store.user_delete_threepids(user_id)
        yield self.store.user_set_password_hash(user_id, None)

+    @defer.inlineCallbacks
    def delete_access_token(self, access_token):
        """Invalidate a single access token

@ -691,8 +692,19 @@ class AuthHandler(BaseHandler):
        Returns:
            Deferred
        """
-        return self.store.delete_access_token(access_token)
+        user_info = yield self.auth.get_user_by_access_token(access_token)
+        yield self.store.delete_access_token(access_token)

+        # see if any of our auth providers want to know about this
+        for provider in self.password_providers:
+            if hasattr(provider, "on_logged_out"):
+                yield provider.on_logged_out(
+                    user_id=str(user_info["user"]),
+                    device_id=user_info["device_id"],
+                    access_token=access_token,
+                )
+
+    @defer.inlineCallbacks
    def delete_access_tokens_for_user(self, user_id, except_token_id=None,
                                      device_id=None):
        """Invalidate access tokens belonging to a user
@ -707,10 +719,20 @@ class AuthHandler(BaseHandler):
        Returns:
            Deferred
        """
-        return self.store.user_delete_access_tokens(
+        tokens_and_devices = yield self.store.user_delete_access_tokens(
            user_id, except_token_id=except_token_id, device_id=device_id,
        )

+        # see if any of our auth providers want to know about this
+        for provider in self.password_providers:
+            if hasattr(provider, "on_logged_out"):
+                for token, device_id in tokens_and_devices:
+                    yield provider.on_logged_out(
+                        user_id=user_id,
+                        device_id=device_id,
+                        access_token=token,
+                    )
+
    @defer.inlineCallbacks
    def add_threepid(self, user_id, medium, address, validated_at):
        # 'Canonicalise' email addresses down to lower case.